Better Broadband Better Lives

Telecommuting Creates High Risk of Data Breaches, Says Privacy Group

WASHINGTON, July 30 – Companies allowing their employees to telecommute from home, or even on the road at hotels and coffee shops, are undertaking heavy risks of data breaches, according to a report issued Tuesday by the privacy group Center for Democracy and Technology.

Although telecommuting has been developed as a way to “manage fixed assets” by – in other words – lowering the costs of housing employees at offices, such companies are running risks of hacker attacks.

Telecommuting has been heavily promoted by broadband providers as an energy-efficient alternative to commuting to offices at a single physical location.

Ari Schwartz, vice president of CDT, said that the risks are greater for employees who work from home all the time, as opposed to employees that only occasionally work from home.

“It is difficult enough to secure a corporate network with the constant and persistent threat from malicious external parties, from hackers to spammers to viruses,” reads the CDT report, titled “Risk at Home: Privacy and Security Risks in Telecommuting.”

If employee were to work from home using his or her own personal computer, it becomes even more difficult for the company to keep its information safe. Unless the company’s network engineers equipped the employee’s personal computer, the company is at high risk, said CDT.

And if companies do equip employees’ personal computers with enterprise-level network security, then the employee’s personal information is in jeopardy by being available to his or her employer. This can effectively set a trap where the employee’s online actions are always being closely watched by the company.

According to the report released by CDT, companies affected by computer security problems in telecommuting include 20% of the Fortune 100.

Among the problems leading to the high risks are the lack of formal company policies, as well as inadequate operational procedures and training.

Employers must take extra precautions to educate their employees about the risks of data losses, and ways to prevent or mitigate the risk of breaches of personal information.

Finally, there is also a lack of consistency in background screening of potential new hires by their employers.